[Plugin: Comment Technical Data] This Plug-in needs more sanitation of fields sent back, when emaile
This plug-in sends extra info about the commenter back to the WordPress admin. However, some of the fields such as the USER-AGENT, can be spoofed and send back
We’ve only gone as far as trying basic XSS alerts, but with someone who spent more time digging into the spoof data it might also be possible to send a CSRF if the admin was logged in and the code executed against their email reader or redirected them to their own WordPress site to send commands.
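The report above boils down to one pattern: a request header the commenter fully controls (User-Agent) is written into an HTML notification e-mail without escaping. The plain-PHP snippet below is an added illustration, not the plugin's own code, showing the unsafe concatenation next to the escaped form; the `$spoofed_user_agent` value and the `build_email_body_*` / `body_is_escaped` function names are constructed for this example. No WordPress functions are used so it runs standalone, but inside a plugin `esc_html()` plays the same role as `htmlspecialchars()` here.

```php
<?php
// Added example: reflecting a commenter-controlled header into HTML mail,
// unsafe version beside the escaped version. Not the plugin's code.

// Constructed sample value: whatever the commenter put in the User-Agent header.
$spoofed_user_agent = 'Mozilla/5.0 <script>alert(1)</script>';

// Unsafe: raw header text is concatenated straight into the HTML body that
// the admin's mail client will render.
function build_email_body_unsafe(string $user_agent): string
{
    return '<p>User agent: ' . $user_agent . '</p>';
}

// Safe: every attacker-controlled field is HTML-escaped at the point it is
// written into markup. ENT_QUOTES also escapes both quote characters, so the
// value is safe inside attributes as well as text nodes.
function build_email_body_safe(string $user_agent): string
{
    $escaped = htmlspecialchars($user_agent, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<p>User agent: ' . $escaped . '</p>';
}

// Minimal check a reviewer might run over the generated body: no raw tag
// survives in the output once escaping is applied.
function body_is_escaped(string $body): bool
{
    return strpos($body, '<script') === false;
}

echo build_email_body_unsafe($spoofed_user_agent), PHP_EOL;
echo build_email_body_safe($spoofed_user_agent), PHP_EOL;
var_dump(body_is_escaped(build_email_body_unsafe($spoofed_user_agent)));
var_dump(body_is_escaped(build_email_body_safe($spoofed_user_agent)));
```

The same escaping belongs on every other reflected field (referer, IP string as supplied by proxies, hostname lookups), not only the User-Agent, and sending the notification as plain text rather than HTML removes the rendering surface entirely where the extra formatting is not needed.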